The present decision has great significance as the first Supreme Court ruling over an issue regarding the liability of a financial institution for losses suffered by the user of electronic financial transaction due to electronic financial fraud methods like voice phishing. In the ruling, the Supreme Court presented judgment criteria that whether or not there is “intention or gross negligence of the user”, a condition for liability exemption of financial institutions under the Electronic Financial Transaction Act, shall be “judged by consideration on details of the financial accident like forgery of the means of access, the substance of the method like forgery and perception of the general public on the method, occupation and experience of the user of the financial transaction, and the totality of circumstances.” Based on this judgment criteria, the court ruled in the present case that the user was grossly negligent, and the financial institution was thus exonerated from liability. It can be said that auser’s duty of care toward future electronic financial fraud will be more “strictly” required after this decision. However, the present decision is difficult to support in that: (1) the decision, which equated exposure of financial transaction information with that of the access means, went beyond the scope of textual interpretation of the Act; (2) it hardly conducted assessment on the fraudulent act by a third part; and furthermore, (3) it gave the security level of the financial institution no consideration. It would be more reasonable if the “overall security level of the financial institution” was added to the judgment criteria for user’s gross negligence presented by the Supreme Court in the future. It is because the addition of this criterion would play a controlling role in influencing courts to be more cautious in deciding a user’s gross negligence, particularly in cases where the information security systems were vulnerable.